# Monica CRM – Fix mixed content (HTTP assets on HTTPS) ## Installation context Monica CRM was installed using the **official Proxmox VE Community Script**. This means: * Monica runs inside a **Proxmox LXC container** * PHP, **Apache2**, and the directory structure follow the **community script defaults** * Configuration changes (such as `.env`) are made **inside the LXC** * HTTPS is typically terminated **outside the container** via a reverse proxy (e.g. Nginx Proxy Manager) Because of this setup, **trusted proxy headers and HTTPS detection are mandatory**, otherwise Monica/Laravel will incorrectly assume HTTP and generate mixed-content URLs. --- ## Problem When accessing Monica via HTTPS, the browser may show warnings like: * CSS or images are loaded via `http://` * Assets are blocked or only partially loaded * DevTools shows **“mixed content”** warnings Example: ``` The page at https://monica.example.net requested insecure content from http://monica.example.net/… ``` --- ## Cause Monica (Laravel-based) still thinks it is running on **HTTP**, even though it is accessed via **HTTPS through a reverse proxy**. Typical reasons: * `APP_URL` is still set to `http://` * Reverse proxy headers are not trusted * Laravel configuration cache was not cleared --- ## Solution (recommended order) Follow **steps in order** and test. Best done after a fresh new install. It could be enough to just set the `APP_URL` and the `APP_ENV`. But maybe it doesn't, then you can also try steps 2++. --- ## 1. Set correct `APP_URL` Edit Monica’s `.env` file: ```bash APP_URL=https://monica.example.net ``` Important notes: * Use the **final public URL** * **No trailing slash** * Must match the reverse proxy domain --- ## 2. Set `APP_ENV` to `production` Edit Monica's `.env` file and change from `local` to `production`: ```bash # Two choices: local|production. Use local if you want to install Monica as a # development version. Use production otherwise. APP_ENV=production ``` ## 3. Trust reverse proxy headers (very important) If the above does not work, add this to `.env`: ```bash TRUSTED_PROXIES=* ``` Why this matters: * Monica is behind a reverse proxy * HTTPS is terminated at the proxy * Apache receives HTTP internally * Without trusted headers, Laravel assumes HTTP --- ## 4. Clear and rebuild all caches (mandatory) From the Monica installation directory: ```bash php artisan optimize:clear php artisan config:clear php artisan cache:clear php artisan route:clear php artisan view:clear php artisan config:cache ``` Do **not** skip this step. Laravel caches URLs aggressively. --- ## 5. Restart services ### LXC / bare metal (Apache2) ```bash systemctl restart apache2 ``` ### Docker / Docker Compose ```bash docker compose restart ``` --- ### Nginx Proxy Manager (common setup) * Enabled by default * Do **not** override `Host` headers * Do **not** force HTTP upstream * Remove custom proxy headers if unsure Apache does **not** need special configuration for this as long as the headers are passed correctly. --- ## 7. Verify in the browser * Open the site with HTTPS * Hard refresh (`Cmd + Shift + R`) * Open DevTools → Network * All assets must load via `https://` Test directly: ``` https://monica.example.net/css/app-ltr.css ``` No redirects to `http://` should occur. --- ## Summary To fix mixed content issues in Monica behind a reverse proxy (Apache2 setup): * Set `APP_URL` to HTTPS * Set `APP_ENV` to `production` * Trust proxy headers * Clear **all** Laravel caches * Restart Apache and or reboot. Once done, Monica will correctly serve **all assets over HTTPS**.